Help Center/ Anti-DDoS/ User Guide/ Setting a Protection Policy
Updated on 2024-12-02 GMT+08:00

Setting a Protection Policy

Anti-DDoS automatically enables defense against DDoS attacks for public IP addresses on Huawei Cloud (Huawei Cloud EIPs).

You can configure an Anti-DDoS defense policy in either of the following ways:

  • Use the default protection policy.

    The default protection policy is an initial policy and takes effect for all newly purchased EIPs. The default traffic scrubbing threshold is 120 Mbit/s and can be modified.

  • Manually set a protection policy.

    You can manually set protection policies for your public IP addresses in batches or one by one. The default protection policy will no longer be used for public IP addresses for which protection policies have been manually configured.

Manually Setting a Default Protection Policy

  1. Log in to the management console.
  2. Select a region in the upper part of the page, click in the upper left corner of the page, and choose Security & Compliance > Anti-DDoS Service. The Anti-DDoS page is displayed.
  3. Select the Public IP Addresses tab and click Set Default Protection Policy.
  4. Set the traffic cleaning threshold based on the site requirements, as shown in Figure 1.

    Figure 1 Manually configuring the default protection policy
    Table 1 Parameter description

    Parameter

    Description

    Traffic Cleaning Threshold

    Anti-DDoS scrubs traffic when detecting that the incoming traffic of an IP address exceeds the threshold.

    You can set the traffic cleaning threshold based on your service traffic. Set the threshold to a value closest to the purchased bandwidth but not greater than the purchased bandwidth.

    The default protection rate is 120 Mbit/s. You can manually set more protection levels.

    NOTE:
    • If service traffic triggers scrubbing, only attack traffic is intercepted. If service traffic does not trigger scrubbing, no traffic is intercepted.
    • Set this parameter based on the actual service access traffic.

  5. Click OK.

    After you set the default protection policy, the newly purchased public IP addresses are protected based on the configured policy.

Manually Setting a Protection Policy

  1. Log in to the management console.
  2. Select the region in the upper part of the page, click in the upper left corner of the page, and choose Security > Anti-DDoS. The Anti-DDoS page is displayed.
  3. On the Public IP Addresses tab page, select a setting method based on the site requirements.

    • To configure protection policies for multiple public IP addresses, select multiple public IP addresses and choose Set Protection in the upper part of the page.
      Figure 2 Configuring protection policies in batches
    • To configure a protection policy for a single public IP address, in the row containing the desired public IP address, choose Set Protection.
      Figure 3 Configuring a protection policy for a public IP address

  4. Set the Traffic Cleaning Threshold based on the site requirements.

    Figure 4 Configuring a protection policy
    Table 2 Parameters for configuring a protection policy

    Parameter

    Description

    Traffic Cleaning Threshold

    Anti-DDoS scrubs traffic when detecting that the incoming traffic of an IP address exceeds the threshold.

    You can set the traffic cleaning threshold based on your service traffic. Set the threshold to a value closest to the purchased bandwidth but not greater than the purchased bandwidth.

    The default protection rate is 120 Mbit/s. You can manually set more protection levels.

    NOTE:
    • If service traffic triggers scrubbing, only attack traffic is intercepted. If service traffic does not trigger scrubbing, no traffic is intercepted.
    • Set this parameter based on the actual service access traffic. You are advised to set a value closest to, but not exceeding, the purchased bandwidth.

  5. Then, click OK.